Mail-in-a-box

Google has decided to shut down the old G Suite Free Edition of which I had two – one for private and family things and one for work related things. As I only really used it for mail, I’ve moved everything to Mail-in-a-box.

Google Workspaces are €6/month per user, while I can have unlimited users on a €3/month VPS with Mail-in-a-box. Kinda hard to beat.

I only used these Google services for email. After the Snowden revelations I moved everything else to a Nextcloud instance on a VPS. Now the email has gone too.

Mail-in-a-box – a mail server made easy

Setting up and running a properly configured and working mail server is not easy. I ran my own ten years ago, before I moved to Google Apps, but it was such a waste of time.

The main culprit for the complexity is, I believe, spam.

Most of the complications of running a mail server are about avoiding sending spam unknowingly, having others filter or block your mail as spam, or simply being inundated with it.

Mail-in-a-box will do all the nitty-gritty of configuring a complete mail server with web-mail, contacts, calendars and a simple but functional web-based admin interface.

Skill requirements

You need to be able to set up a Linux server on the internet somehow, and you need to be confident with ssh and the command line.

You do not need to be an SMTP, IMAP, POP, DKIM or DNS wizard.

Basic setup and installation

Mail-in-a-box is a complete solution built on Ubuntu 18. You need the right version, or Mail-in-a-box won’t run.

I made a small VPS with Aruba, an Italian hosting provider, for €3/month, 1Gb ram and 20Gb storage, which leaves about 15Gb after installation. I could choose a preconfigured Ubuntu 18 image, which made it all the easier.

Mail-in-a-box is a shell script you download and run as root. It’ll install all the needed packages, ask a few questions and configure everything for you. The questions are mostly the fully qualified hostname and an initial user account.

The first time I set it up with one of my secondary domains, but the script is safe to re-run, so I could easily reconfigure everything for my primary domain.

Once installation and configuration is done (almost automatically) there’s a web-based admin interface for all the rest.

The contents of the box

There’s quite a bit in the box:

  • Postfix – for sending and receiving email;
  • Dovecot – IMAP server;
  • Roundcube – web mail;
  • Nextcloud – a minimal instance for contacts and calendars;
  • Let’s Encrypt certificate handling;
  • A DNS server;
  • A backup system, local or remote;
  • Munin for server status surveillance;
  • A minimal web server for static pages; and
  • An admin interface.

Practically everything is configured out of the box or through the admin interface.

Everything is integrated.

There’s a unified user database, so you login to all the different parts using a single login (your email address) and a single password.

The contacts in Nextcloud are available in the web mail.

I haven’t had to touch a configuration file for anything directly.

This is as close to “it just works” as I’ve seen on Linux.

DNS

There are lots of DNS entries for mail, and while it is possible to use other DNS servers, it is a lot of work setting up all the different A, NS, MX, TXT and SRV records.

Mail-in-a-box has a primary DNS server included, which has all the needed records.

For most of the fifteen or so domains I have, in four or five groups, it was far easier to change the primary DNS server for the domain to the Mail-in-a-box server than to enter all those records in the hosting provider’s web interface.

Since I have another VPS with web sites and my primary Nextcloud instance, I could easily configure that as a secondary DNS server and use the mail box as the primary DNS.

I have one domain, in Denmark, where I cannot do that. Fortunately Mail-in-a-box offers a very long list of what you need to configure in an external DNS service to work from, so it’s mostly just tedious copy and paste work.

Configuring mail clients

Receiving, reading and sending mails using the web mail works straight out of the box.

On our home computers we use Thunderbird, but Mail-in-a-box sets up the necessary DNS names and files for auto-configuration, so we just needed to enter our primary email address and our password, and Thunderbird got the rest directly from Mail-in-a-box.

The Gmail app on Android phones doesn’t do that, so there we had to enter the hostname manually.

Apparently the Gmail app for Android only does threaded mail reading for Gmail accounts, so the experience is less pleasing. I installed FairEmail on my phone, and it got the configuration automatically.

Relaying

My Linux systems tend to send me emails every once in a while. They’re mostly the output of cron jobs, various reminders, or notices of system updates.

First thing, I created a ‘relay@mail.server’ on the Mail-in-a-box server, so I could configure the mailer daemon on the other computers to relay through the mail server authenticated as the relay user.

The mail server promptly rejected the mails, saying that the ‘relay’ user wasn’t authorised to send mails from those senders (such as ‘root@web.server’).

The solution was to create several aliases for the relay user, for each of the sender envelope addresses coming out of the web server.

Mail from our home computers was likewise rejected, because the hostnames used didn’t resolve in DNS. They’re internal hostnames on home networks, so I’m not putting them in DNS.

In the end I reconfigured Exim4 on these computers to use the primary domain for envelope addresses, and mail is then accepted by the mail server, if there’s an alias for the relay user for the sender envelope address.

This means having aliases like ‘root@primary.domain’ and ‘www-data@primary.domain’ for the relay user.
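The two rejections described above call for different fixes, and the same check is what stops a leaked relay password from being used to send as arbitrary addresses. The script below is an added example, not part of the original post or of Mail-in-a-box: it sorts rejected envelope senders from a mail log into "needs an alias", "needs envelope rewriting" and "review". The log lines are constructed, modelled on Postfix's reject format, and the host `laptop.home`, the address `billing@example.org` and the `own_domains` set are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on Postfix smtpd reject entries (not real logs).
SAMPLE_LOG = """\
Jan 10 06:25:01 box postfix/submission/smtpd[811]: NOQUEUE: reject: RCPT from web.server[203.0.113.10]: 553 5.7.1 <root@web.server>: Sender address rejected: not owned by user relay@mail.server; from=<root@web.server> to=<me@primary.domain> proto=ESMTP helo=<web.server>
Jan 10 06:40:12 box postfix/submission/smtpd[812]: NOQUEUE: reject: RCPT from web.server[203.0.113.10]: 553 5.7.1 <www-data@web.server>: Sender address rejected: not owned by user relay@mail.server; from=<www-data@web.server> to=<me@primary.domain> proto=ESMTP helo=<web.server>
Jan 10 07:25:01 box postfix/submission/smtpd[820]: NOQUEUE: reject: RCPT from web.server[203.0.113.10]: 553 5.7.1 <root@web.server>: Sender address rejected: not owned by user relay@mail.server; from=<root@web.server> to=<me@primary.domain> proto=ESMTP helo=<web.server>
Jan 10 08:02:44 box postfix/submission/smtpd[833]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.1.8 <root@laptop.home>: Sender address rejected: Domain not found; from=<root@laptop.home> to=<me@primary.domain> proto=ESMTP helo=<laptop>
Jan 10 09:15:30 box postfix/submission/smtpd[840]: NOQUEUE: reject: RCPT from unknown[198.51.100.99]: 553 5.7.1 <billing@example.org>: Sender address rejected: not owned by user relay@mail.server; from=<billing@example.org> to=<someone@example.net> proto=ESMTP helo=<x>
"""

NOT_OWNED = re.compile(
    r"<(?P<sender>[^>]*)>: Sender address rejected: not owned by user (?P<login>[^;\s]+)")
NO_DOMAIN = re.compile(r"<(?P<sender>[^>]*)>: Sender address rejected: Domain not found")

def triage(log_text, own_domains):
    """Sort rejected envelope senders into the fix each one needs."""
    add_alias = defaultdict(set)   # login -> senders that may get an alias
    rewrite, review = set(), set()
    for line in log_text.splitlines():
        m = NOT_OWNED.search(line)
        if m:
            sender, login = m["sender"].lower(), m["login"].lower()
            if sender.rpartition("@")[2] in own_domains:
                add_alias[login].add(sender)      # our own host: alias is safe
            else:
                review.add((login, sender))       # foreign domain: do not alias
            continue
        m = NO_DOMAIN.search(line)
        if m:
            rewrite.add(m["sender"].lower())      # internal name: fix on the client
    return {
        "add_alias": {k: sorted(v) for k, v in add_alias.items()},
        "rewrite_envelope": sorted(rewrite),
        "review": sorted(review),
    }

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG, {"web.server", "primary.domain"}).items():
        print(bucket, items)
```

Anything landing in `review` is the relay account trying to send as an address outside your own domains, which should be investigated rather than fixed with an alias.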

Conclusions

Mail-in-a-box makes it very easy to set up and run a correctly configured mail server, which normally is labour intensive and troublesome.

Most of the time spent making a replacement mail server for the old G Suite setup was in transferring all the domains to the Mail-in-a-box DNS server and getting relaying to work as I wanted.

Otherwise it’s been a breeze.
